Date: Sun, 10 Jul 2005 01:31:59 -0700 From: "Ted Mittelstaedt" <tedm@toybox.placo.com> To: "Brett Glass" <brett@lariat.org>, <questions@freebsd.org> Subject: RE: Has this box been hacked? Message-ID: <LOBBIFDAGNMAMLGJJCKNKEPMFBAA.tedm@toybox.placo.com> In-Reply-To: <6.2.1.2.2.20050708094601.086c0ae8@localhost>
next in thread | previous in thread | raw e-mail | index | archive | help
When I am in that same position as a rule I tell the customer that I would assume the system was rooted. The reason is that all of the times I've been called in on this type of job it has been because the previous admin was fired and they wanted to make sure he wasn't getting back in remotely and causing problems. You didn't say the circumstances behind this job of yours, but clearly, since this is a FreeBSD 4.11 system it's been built within the last 6 months. Now, the person that built it isn't around? Otherwise why would they be callin you in? You should assume the previous person that setup this system left some back doors. Ted
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?LOBBIFDAGNMAMLGJJCKNKEPMFBAA.tedm>